<?php

/**
 * @author Tuan Anh
 * @copyright 2012
 */

class UserManager {
    private $db;
    
    function __construct($db){
        $this->db = $db;
    }
    /**
     * success  : return uid
     * fail     : return "-1"
     * */
    function login($username, $hash){
        $query = "SELECT uid FROM user WHERE username = '$username' AND password = '$hash'";
        $this->db->dbQuery($query);
        
        if($this->db->result['numRows'] == 1){
            $row = $this->db->fetchResult();
            return $row["uid"];
        }
        else{
            return "-1";
        }    
    }
    
    function checkPassword($uid, $password){
        $hash = $this->hashPassword($password);
        $query = "SELECT uid FROM user WHERE uid = '$uid' AND password = '$hash'";
        $this->db->dbQuery($query);
        
        if($this->db->result['numRows'] == 1){
            return true;
        }
        else{
            return false;
        } 
    }
    function changePassword($post){
        if($this->checkPassword($post['uid'], $post['oldpassword'])){
            $hash = $this->hashPassword($post['newpassword']);
//            $query = "UPDATE user SET password = '$hash' WHERE uid = '".$post['uid']."'";echo $query;
            $this->db->dbQuery($query);
            return true;
        }else{
            return false;
        }
    }

    function getuid($key, $value){
        $query = "SELECT uid FROM user WHERE $key = '".$value."'";//echo $query;
        $this->db->dbQuery($query);
        $row = $this->db->fetchResult();
        return $row['uid'];
    }

    function forgotPassword($post){
        $uid = $this->getuid("email", $post['email']);//echo $uid;
        if($uid == ''){
            return false;
        }else{
            $hash = $this->hashPassword($post['newpassword']);
            $query = "UPDATE user SET password = '$hash' WHERE uid =".$uid;//echo $query;
            $this->db->dbQuery($query);
            return true;
        }
    }
    
    function hashPassword($password){
        return hash("md5", $password);
    }
    
    public function register($username, $hash, $email){
        $query = "INSERT INTO user(username, password, email, reg_date) VALUES('$username','$hash','$email',CURDATE())";
//           echo $query;
        $this->db->dbQuery($query);
    }

    public function updateinfo($info){
//        $query = "UPDATE user set fullname = '".$info['fullname']."', dob = '".$info['dob']."', address = '".$info['address']."', sex = ".$info['sex'].", email ='".$info['email']."', mobile = '".$info['mobile']."', job = '".$info['job']."' WHERE uid = ".$info['uid']."";
        $query = sprintf("UPDATE user SET fullname ='%s', dob = '%s', address = '%s', sex = '%s', email = '%s', mobile = '%s', job = '%s' WHERE uid = %s " , mysql_real_escape_string($info['fullname']), date('Y-m-d',strtotime(mysql_real_escape_string($info['dob']))), mysql_real_escape_string($info['address']), mysql_real_escape_string($info['sex']), mysql_real_escape_string($info['email']), mysql_real_escape_string($info['mobile']), mysql_real_escape_string($info['job']), mysql_real_escape_string($info['uid']) );

//        echo $query;
        $this->db->dbQuery($query);
        return true;
    }

    public function getinfo($uid){
        $query = "SELECT * FROM user WHERE uid = $uid";
        $this->db->dbQuery($query);
        return $this->db->fetchResult();
    }

    public function checkUsername($username){
        $query = "SELECT username FROM user Where username = '{$username}'";    //echo $query;
        $this->db->dbQuery($query);
        if($this->db->result['numRows'] >= 1)
            return true;
        else
            return false;
    }


}

?>